December 10, 2005
Knowing the enemy within
The Seattle Times: Business & Technology: Knowing the enemy within
By Charles Bermant
Special to The Seattle Times
When most of us think of spammers, we conjure up images of a fat guy wearing loud clothes and too many rings, braying away in a voice that annoys the people at the next table in the same way his stock in trade does for his victims.
Or maybe some skinny, pimply kid in pajama bottoms, sending out a million messages from his basement; whooping with joy upon receiving the handful of responses that will keep him in business.
In any case, picture the most reprehensible person imaginable, a miserable soul bent on spreading the gloom as he invades your inbox.
Stereotypes, however, don't always ring true. And at least one spam fighter feels the way to fight spammers is to address them as human beings, and just say no-thank-you.
Blue Security (www.bluesecurity.com) is assembling a do-not-intrude registry, similar in spirit to the do-not-call list that has gained moderate success in the battle against intrusive telephone solicitors.
It requires signing up for the service — which is at present free to consumers — and installing a mail client on your PC. You become part of this now 70,000 strong list that is made available to spammers who will presumably not send you any messages if you are on the list.
The first impression highlights an obvious drawback: Providing a spammer with a list of active e-mail addresses evokes a fox and a henhouse. But Blue Security Chief Executive Eran Reshef said the list is encrypted, preventing its viewing, dissemination or, most important, merging into a database. Instead, a spammer merges the do-not-intrude names into his own list, then erasing those appearing in both places.
"This isn't a magic bullet," he said. "Rather, it is a way to change spam activity in the long term."
The key to success here is recognizing spammers as businessmen driven by the profit motive, rather than the absolute scum of the earth.
Reshef, again: "These people are out to make money. They will respond to requests from people who are not interested in hearing from them. They don't want to go where they are not wanted."
advertising
Click to learn more...
Reshef's real-world example portrays a merchant who sets up shop in a new location and then blankets the neighborhood with leaflets. The people who take the time to throw out each flier are the same who use e-mail filters. But Reshef's customers band together, go to the merchant and ask him to stop.
I haven't met enough spammers to determine whether this will work, so I should rein in the skepticism.
Reshef has met some of these people. He said about 20 such characters are responsible for all of the world's spam. Some of them are already complying with the Blue Security scheme.
There are a few reasons why I won't join in here. Much of the spam I get is from obvious scam artists and faux Nigerians who don't have a Web site, which is necessary for this to work. And for the time being, Mac users are left out. Finding someone to port the program to the Rest of Us is toward the middle of Reshef's to-do list.
In the meantime, I seek the answer to a more important question: Am I a sexist if I imagine that all spammers are men?
If you have questions or suggestions for Charles Bermant, you can contact him by e-mail at cbermant@seattletimes.com. Type Inbox in the subject field. More columns at www.seattletimes.com/columnists.
December 10, 2005 at 09:43 AM in Spam | Permalink | TrackBack (32) | Top of page | Blog Home
August 09, 2005
Microsoft settles suit against one-time 'spam king'
Microsoft settles suit against one-time 'spam king' - Yahoo! News
Tue Aug 9,11:54 AM ET
SEATTLE (Reuters) - Microsoft Corp. has settled a lawsuit against Scott Richter, whom it identified as a former "spam king," as part of its ongoing efforts to curb the spread of unsolicited e-mail messages, the world's largest software maker said Tuesday.
Microsoft said that as part of the settlement Richter and his company, OptInRealBig.com Llc., agreed to pay $7 million to Microsoft.
Microsoft and New York Attorney General Eliot Spitzer had sued Richter in late 2003, asserting that he had sent, or helped other spammers send, billions of e-mail messages to consumers touting everything from herbal products to loan consolidation schemes. Richter and his company also violated state and federal laws, they said.
"The goal remains for us to separate spammers from their money," Microsoft general counsel Brad Smith told Reuters, "This is simply not going to be a profitable activity for people who engage in it."
Richter, who was not immediately available for comment, said in the joint statement with Microsoft that he denied Microsoft's allegations.
Nevertheless, Richter said that he and his company had changed their e-mailing practices and pledged not to send spam to anyone who has not asked to be sent commercial e-mail.
Additionally, as part of the settlement, Richter agreed to drop bankruptcy proceedings filed in March in the U.S. bankruptcy court in Denver, according to a joint statement by Microsoft and Richter. The settlement is conditioned on dismissal of the bankruptcy cases.
Smith said that Microsoft will reinvest all of the money, after legal expenses, including $5 million that will go to increase Internet enforcement efforts and expand technical and investigative support to help law enforcers to address computer-related crimes.
Microsoft said it has brought 135 cases against spammers in the last two years, including more than 100 in the United States.
(Additional reporting by Cal Mankowski in New York)
August 9, 2005 at 09:32 PM in Spam | Permalink | TrackBack (27) | Top of page | Blog Home
June 22, 2005
Microsoft Pushing Spam-Fighting System
Microsoft Pushing Spam-Fighting System - Yahoo! News
By ANICK JESDANUN, AP Internet Writer Wed Jun 22, 4:43 PM ET
NEW YORK - Microsoft Corp. is stepping up the pressure on e-mail senders to adopt its "Sender ID" spam-fighting technology despite problems that could send up to 10 percent of legitimate messages to junk folders.
ADVERTISEMENT
By the end of the year, Microsoft's Hotmail and MSN services will get more aggressive at rejecting mail sent through companies or service providers that do not register their domain names with the Sender ID system.
Sender ID seeks to cut down on junk e-mail by making it difficult for spammers to forge e-mail headers and addresses, a common technique for hiding their origins.
The system calls for Internet service providers, companies and other domain name holders to submit lists of their mail servers' unique numeric addresses. On the receiving end, software polls a database to verify that a message was actually processed by one of those servers.
Although only a quarter of e-mail messages now carry the proper Sender ID information, Microsoft believes it needs to begin requiring Sender ID to do a better job of cutting down on junk e-mail, said Craig Spiezle, director of Microsoft's technology care and safety team.
"We have a solution that works for about 90 percent of mail today," Spiezle said Wednesday. He said Microsoft will continue to fine-tune its spam filters to account for the remaining cases.
Although the standard-setting Internet Engineering Task Force dissolved a working group on Sender ID in September, partly because of a dispute over Microsoft's claims to a patent, Microsoft and other companies were encouraged to continue pushing their technologies in the marketplace.
For the past six months, Microsoft's Hotmail and MSN services have been checking Sender ID records as one test in determining whether a message is junk.
On Wednesday, Microsoft began posting a warning for users on top of messages whose numeric addresses don't match those in Sender ID records, meaning the e-mail likely came through an unauthorized mail server and could be junk.
By the end of the year, Microsoft will treat as failures cases where Sender ID records don't exist at all, increasing the likelihood those messages would be considered junk.
The Direct Marketing Association, the trade group for e-mail and other marketers, lauded the move as "a necessary step to protect both corporate brands and consumer confidence," said Jerry Cerasale, senior vice president for government relations.
Use of such systems, the association said, could help protect legitimate marketers from unauthorized use of their brands online.
Indeed, Spiezle said Sender ID has helped reduce the number of legitimate messages mislabeled spam. E-mail that passes the Sender ID test is given a slight positive boost in the filtering test, and for borderline cases it is enough to push the message to the non-junk inbox, Spiezle said.
But Spiezle acknowledged lingering concerns, including the disruption of mail-forwarding services that colleges and companies offer to alumni and subscribers.
Sender ID also could break "send to a friend" features in which someone clicks on a Web link to pass an interesting item to someone else.
Spiezle said Microsoft is monitoring such cases.
June 22, 2005 at 09:51 PM in Spam | Permalink | TrackBack (39) | Top of page | Blog Home
December 28, 2004
AOL Spam Down 75 Pct; Net Spam Trends Reverse
Internet News Article | Reuters.com
NEW YORK (Reuters) - You've got less spam, according to America Online, the world's largest online service.
The online unit of Time Warner Inc. on Monday said junk e-mail declined by more than 75 percent this year, based on its internal member reports.
Junk e-mail, known as spam, accounted for about 83 percent of computer traffic at one point this year, and have cost Internet providers about $500 million in wasted bandwidth, analysts have said.
As of November 2004, AOL received an average of 2.2 million complaints daily from its more than 24 million subscribers, down from 11 million complaints in the same period last year.
The daily average number of e-mails blocked by AOL's spam filters fell 50 percent to about 1.2 billion e-mails in late 2004 from a peak of 2.4 billion in 2003.
Attempts made by junk e-mail senders also fell to about 1.6 billion daily, from 2.1 billion last year.
AOL launched a new version of its software, AOL 9.0 Security Edition in November, which included a free version of the McAfee VirusScan Online software and improved anti-spam tools.
The company is also part of an tech industry coalition comprised of Microsoft Corp., EarthLink Inc. and Yahoo Inc., which have vigorously gone after suspected e-mail marketers, who hide behind fake e-mail addresses.
Reuters 2004. All Rights Reserved.
December 28, 2004 at 08:28 AM in Spam | Permalink | TrackBack (26) | Top of page | Blog Home
October 21, 2004
Canadians Dont Get Spam
Anti-spam efforts becoming more effective with up to 2.4 billion unsolicited messages blocked from Hotmail e-mail accounts daily – but frustrated consumers unsure how to better manage the influx of junk, according to MSN.CA poll
| Franais
TORONTO, ON, May 7, 2003 — Although significant measures are being taken to prevent junk e-mail – for example, MSN™ announced today that its Hotmail e-mail service blocks up to 2.4 billion spam messages – consumers are confused about how to manage the spam they do receive and keep it from being a daily nuisance, according to poll results released today by MSN.CA. The online poll of 1,600 Canadians aged 18 and older was conducted between March 19 and 25, 2003 among visitors to MSN.CA by OpenVenue e-Research Solutions.
The poll results indicate that the majority of consumers understand where spam comes from: for example, 85% of respondents identified that spam originates from companies paid to send out mass e-mails. However, the measures Canadians are currently taking to eliminate spam indicate there is still a lack of knowledge about how to manage junk mail and prevent it from piling up in e-mail inboxes.
Nearly a quarter of Canadians polled (23%) reply to spam e-mails with a request to be taken off the mailing list. Replying to spam only reaffirms that the e-mail account is an active address and ensures the user will be a target for future spam mailings. In addition, 42% of Canadians polled do not know who to contact to report spam and 78% have never reported spam to their Internet service providers. Most Internet service providers and free web-based e-mail providers encourage users to report spam abuse and concerns. The MSN Hotmail service, for example, has an e-mail address, abuse@hotmail.com, where users can send information about spam e-mail they have received.
Quite simply, many of the Canadians polled (22%) feel that spam is something they have to live with.
While it may be difficult to completely eliminate spam, there are ways to be smart about managing it, says Jill Schoolenberg, Director of Marketing, MSN.CA. There are a number of resources available to consumers that can help them reduce the amount of spam they receive.
In addition to reporting spam activity to the appropriate technology providers, there are other ways Canadians can be proactive about reducing the amount of spam they receive. A number of junk mail filters are available that allow varying degrees of spam protection. Some web-based e-mail providers, such as MSN Hotmail, offer Enhanced or Exclusive settings that block unwanted senders or enable users to identify the specific e-mail addresses from which they will accept messages.
Recently the industry has taken aggressive steps to stamp out spam. In late April, America Online, Microsoft and Yahoo! announced a commitment to work together and with other industry stakeholders to help fight spam. Companies are also developing technologies that will be more effective at intercepting spam before it reaches a users inbox. For example, spam-blocking technology developed by Microsoft Research has a smart junk mail filter that can be trained to recognize the types of messages the user considers to be spam, thus customizing the spam filter to individual preferences. The more the software is used, the more intelligent the filter becomes, blocking more and more unwanted messages from the inbox. The Microsoft Research filter is available through the MSN 8 service, MSNs Internet subscription service.
The key to managing spam is a combination of using the right technology and being proactive about stopping spam, says MSN.CAs Schoolenberg. By following a few simple steps, Canadians can save themselves the hassle of unwanted messages.
Steps consumers can take to avoid spam include:
Do NOT open or respond to junk e-mail by replying or even following an "unsubscribe" link in unsolicited e-mail. Responding to unsolicited mail only confirms that you have a live address and could open you up to further solicitation and scams that can clog your e-mail Inbox.
For Hotmail e-mail users, "block" abusive senders and report spam e-mail to abuse@hotmail.com
Do not use your e-mail address when participating in chat room conversations.
Invest in intelligent online software, such as MSN 8, that can block unwanted messages.
Carefully review all user agreements when signing up for online newsletters, shopping online, banking online, etc. to ensure that your e-mail address will not be shared with other organizations.
About MSN.CA
MSN.CA is a leading Canadian Web portal with 9.7 million*** unique monthly visitors. Its suite of online services delivers news, information, entertainment, and a variety of communication tools including MSN network of Internet services, Hotmail web-based e-mail service and MSN Search. MSN.CA also provides such high-quality interactive services as MSN Messenger, MSN Extra Storage, MSN 8, MSN Shopping, MSN Web Communities and many more for the Microsoft Windows operating system. For more information, please visit the Web site at www.MSN.CA.
About Microsoft Canada Co.
Established in 1985, Microsoft Canada Co. is the Canadian subsidiary of Microsoft Corporation (Nasdaq "MSFT") the worldwide leader in software, services and Internet technologies for personal and business computing. Microsoft Canada provides nationwide sales, marketing, consulting and local support services in both French and English. Microsoft Canada is headquartered in Mississauga, with MSN.CA offices located in Toronto and eight regional offices across the country dedicated to empowering people through great software - any time, any place and on any device. Visit Microsoft Canada's web site at www.microsoft.ca.
(c) 2003 Microsoft Corporation. Microsoft, Hotmail, MSN, Windows and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
October 21, 2004 at 07:32 AM in Spam | Permalink | TrackBack (31) | Top of page | Blog Home
October 01, 2004
Net giants adopt anti-spam system
BBC NEWS | Technology | Net giants adopt anti-spam system
The fight against spam is getting more serious as the net's big players impose conditions on bulk mail senders.
From October, AOL, Yahoo, Hotmail, Earthlink and Comcast want those that send lots of messages to their users to comply with new mail standards.
These technical specifications will help reveal whether a message came from the net address it claims to.
This will help identify hi-tech con artists posing as banks and net domains known to pump out junk mail messages.
Breaking the chain
The five big firms want every organisation that sends out lots of e-mail, including spammers, to comply with technical standards known as the Sender Policy Framework (SPF) and Sender-ID.
Despite the different names, these both do the same job of authenticating where an e-mail message came from.
Spoofing the origins of a message has become very popular with phishing gangs that send out e-mail messages that look like they came from a bank or other financial firm.
Typically these ask users to re-enter login or account details along with passwords. Those that fall victim to these scams can see their accounts cleaned out.
Messages sent to users of the five organisations that cannot be authenticated will be assumed to be spam or a phishing attempt and will be rejected.
This system will help organisations that use e-mail for legitimate marketing to get their messages through.
"It makes a huge difference on the phishing side," said Dave Anderson, chief executive of e-mail system maker SendMail. "For spammers this breaks the mechanism they have been using."
"The reality is that well north of 90% of spam that's sent never comes from the same address twice," he said. "We really have to change the way we think about this."
Slowing spam
Sender-ID was originally a Microsoft proposal known as Caller-ID for E-Mail and, until recently, was being merged with SPF into a single specification.
However, a dispute over the conditions Microsoft imposed on use of the Caller-ID technology led to the Sender-ID standard being dropped by the working group that pushes forward net technical standards.
But, said Mr Anderson, the six months of work done on Sender-ID has not been wasted.
"The SPF and Sender-ID people are still working together and are going to be using a common record format so you don't have to put up two sets of data," he said.
"By the end of this year we expect that half of the e-mail sent in the US will have SPF records or some other form of authentication on it," said Mr Anderson.
"But the more effective we are at filtering out, spam the more they will send."
He said greater use of authentication systems and lists of reputable e-mail senders should make a big difference.
"The amount of spam seen by users will plummet, if not go to zero," he said.
October 1, 2004 at 10:33 PM in Spam | Permalink | TrackBack (20) | Top of page | Blog Home
August 24, 2004
US tops league of e-mail spammers
BBC NEWS | Technology | US tops league of e-mail spammers
The US is the biggest spammer, despite efforts to combat unwanted e-mail, according to net security experts.
Almost 43% of all unwanted e-mails originated from the US in the last month, said anti-virus firm Sophos.
The report suggests that anti-spam laws passed in the US nine months ago have had little impact.
South Korea, the most broadband-connected country in the world, was next in line, firing out 15% of all junk e-mails.
"Almost nine months on from the Can-Spam legislation and the US's attempt to clean up its act appears to have had little impact," Graham Cluley, senior technology consultant for Sophos said.
"Canada has made some progress, however, cutting the percentage of the world's junk e-mail sent from the country by over half, from 6.8% six months ago to 2.9% today."
The figures also showed that South Korea had tripled the amount of spam mails sent out from its networks since February.
Legal action
The Can-Spam Act (Controlling the Assault of Non-Solicited Pornography and Marketing) was passed by US law-makers in late 2003 and came into force in January this year.
It means spammers can be imprisoned and it also outlaws many of the tactics they use to hide their tracks.
It also requires that unsolicited e-mails should include a way for recipients to "opt-out" of receiving future e-mails.
Only net service providers and governments can use the Can-Spam Act to tackle spammers.
In March, AOL, Microsoft, Earthlink and Yahoo filed lawsuits against individuals in the US who they claimed used open proxies to send spam through innocent third-parties and used false "from" e-mail addresses.
"Spammers are motivated by watching their bank accounts get fatter and fatter, and many have turned to hacking into innocent third-party computers to send their junk emails," Mr Cluley commented.
"Many of the computers sending out spam are likely to have had their broadband internet connections exploited by remote hackers."
About 40% of global spam is sent out via "zombie computers", machines which have been harnessed without the knowledge of the PC user, he added.
1 - United States 42.53%
2 - South Korea 15.42%
3 - China (& Hong Kong) 11.62%
4 - Brazil 6.17%
5 - Canada 2.91%
6 - Japan 2.87%
7 - Germany 1.28%
8 - France 1.24%
9 - Spain 1.16%
10 - United Kingdom 1.15%
11 - Mexico 0.98%
12 - Taiwan 0.91%
Others 11.76%
Source: Sophos August 2004
August 24, 2004 at 08:33 AM in Spam | Permalink | TrackBack (23) | Top of page | Blog Home
August 13, 2004
Microsoft proposes ID solution for spam
Microsoft proposes ID solution for spam
By Dawn Kawamoto, CNET News.com
Sender ID technology, which assures recipients that the sender of an address is genuine, could curb spam and phishing, the software giant says
Microsoft on Thursday is holding a summit with members of the Email Service Provider Coalition to address the use of Sender ID technology as a standard to fight spam and phishing.
The software giant said it would gather more than 80 members of the ESPC coalition at its headquarters to discuss using Sender ID as a way to ensure that email originates from the Internet domain it claims to come from. Fighting the annoyance of spam and the dangers of fraud activity such as "phishing" is among the top concerns of Internet users and the companies that serve them.
Sender ID validates the server Internet Protocol address of the sender to assure an email recipient that a message claiming to be from a credit card company actually is. The technology relies on Microsoft's Caller ID for Email technology and the Sender Policy Framework, authored by Meng Weng Wong, chief technology officer at Pobox.com.
The Internet Engineering Task Force is currently evaluating Sender ID as an industry standard for email authentication. Thursday's meeting will look at what Sender ID can do to control unwanted email and at the challenges the technology will bring to legitimate users of email.
Several companies have already announced plans to roll out products and services that support Sender ID, including Cloudmark, DoubleClick, IronPort Systems, Sendmail, Symantec, Tumbleweed and VeriSign, Microsoft said in a statement.
DoubleClick, which delivers Web advertising, will use Sender ID in the email system it uses to communicate with its customers. Ken Takahashi, DoubleClick's senior director of email operations and ISP relations, said a framework like Sender ID is only part of the solution to controlling unwanted and fraudulent email.
"Since the spam epidemic exploded in the past few years, we have always maintained that a solution could only come from a combination of legislation, technology, industry self-regulation and consumer education."
Companies and individuals are increasingly deluged with spam and phishing scams, in which con artists send email purportedly from a recipient's bank, credit card company or Internet provider requesting sensitive information such as "lost" credit card numbers or passwords "needing confirmation."
Spammers often "spoof" their return addresses -- forging them to make them look legitimate to the recipient's spam filters. This can trick recipients into opening the unwanted mail, because it appears to be from a known contact. The technique also assists in the dissemination of email viruses.
Other efforts
The email problems have sparked efforts by other email giants such as America Online and Yahoo to research their own authentication systems. AOL and Yahoo have technologies in the works, and plan to implement them into their email systems by year's end.
AOL has been testing a system called Sender Permitted From, or SPF, that uses the domain name server (DNS). A company spokesman said SPF tests for outbound mail are currently compatible with SenderID. The company plans to test inbound SPF with SenderID beginning in September. AOL also will test technology supported by Yahoo by the end of the year.
"This isn't an online medal race to see who gets the gold when it comes to spam-fighting," AOL spokesman Nicholas Graham wrote in an email. "We're all on the same team."
As for Yahoo, the Web portal is testing its so-called DomainKeys system for Yahoo Mail. The technology creates an encrypted email address signature and then uses DNS to prove a message verify it came from Yahoo. Recipient email servers must add software to use domain keys.
A Yahoo spokeswoman said the company is also looking into SenderID technology.
"We are evaluating IP-based solutions like SenderID," said company spokeswoman Terrell Karlston. "We are eager to see the results of some rounds of testing by other industry leaders."
CNET News.com's Jim Hu contributed to this report.
Friday August 13, 08:35 AM
August 13, 2004 at 01:37 PM in Spam | Permalink | TrackBack (27) | Top of page | Blog Home
OECD gives new task force two years to cut the spam
OECD gives new task force two years to cut the spam
PARIS (AFP) - The OECD said it has set up a task force to coordinate the fight by government, business and the public against unsolicited email messages, or spam.
It has given the the new group two years to study spam and develop a counter strategy.
The Organisation for Economic Cooperation and Development said in a statement the task force would improve the way work on key aspects of the problem was focused and would improve coordination between various bodies looking at the issue.
Key objectives included coordinating international policy, encouraging best practice in industry and business, promoting new technical defenses, informing consumers, and facilitating cross-border law enforcement.
On September 8 and 9, OECD member countries would hold a meeting in South Korea on fighting spam as a follow-up to their inaugural one in Brussels in February.
Regulators from about 60 countries met in early July at the United Nation's telecommunications agency to try to stop the growing tide of spam that threatens to drive users and businesses off the Internet.
Some studies indicate that unwanted advertising now accounts for up to 75 or 85 percent of inbound electronic mail, according to the UN's International Telecommunications Union.
An EU study has estimated that the worldwide cost to Internet subscribers of spam is around 10 billion euros (12.3 billion dollars) a year, not least because of hours lost deleting such messages from e-mail in-boxes.
Thursday August 12, 06:03 PM
August 13, 2004 at 01:35 PM in Spam | Permalink | TrackBack (21) | Top of page | Blog Home
July 09, 2004
2006 Emerging as Target for Killing Spam
2006 Emerging as Target for Killing Spam
ComputerWire Staff
The International Telecommunications Union yesterday informally threw its weight behind Bill Gates' target of eliminating spam within two years. Delegates to an ITU meeting in Geneva expressed varying degrees of confidence that it could happen.
"We could give ourselves a target of say two years to bring spam under satisfactory control," Robert Horton, the acting head of the Australian Communications Authority and the ITU meeting's host, told delegates.
"This is the target suggested by Mr Bill Gates in terms of the technical capabilities that are required and I think that as regulators we could align ourselves with that target," Horton said. "I believe the world cannot wait longer than that."
The ITU meeting, which concludes this morning, was ostensibly designed to bring telecommunications regulators from member nations together with experts on spam, to bash out ideas for international cooperation on the problem.
Gates first touted the two-year deadline in January at a meeting of the World Economic Forum. He had identified two ideas - computational challenge technology and micropayment-based economic disincentives, as solutions.
But delegates to the ITU meeting this week pushed other ideas. Enrique Salem, who was CEO of Brightmail Inc until its recent acquisition by Symantec Corp (NASDAQ: SYMC - news) , said ISPs throttling the spam passed through their networks is making a meaningful dent in spam.
"We are making progress, the reason I believe that is that spammers are having to send more and more spam to try and still get a return," Salem said. He pointed out that there's an event horizon after which this will no longer be feasible.
"I will tell you that the economics are about to shift," Salem told the ITU meeting. "We can sense it because we see specific data points that at some point they cannot continue to send more and more spam."
Delegates pointed out that the majority of spam nowadays is sent via compromised residential PCs on broadband connections. A representative of DoCoMo said that the company has been deactivating phones belonging to the mobile spammers.
Richard Cox, CTO (Milan: CTO.MI - news) of the SpamHaus Project, said that ISPs and carriers need to be better at responding to abuse complaints, and they need to be supported by laws that allow them to disconnect nodes they find to be compromised.
Cox also said it is too easy for spammers to hide their identities online, and called for domain name registrars to be stricter on accuracy when they gather contact information from their customers.
"Registrars are accepting the most blatant of false information from people registering domains, and we have great difficulty persuading them to do otherwise," Cox said. "We've got to make some fundamental changes to how registrars do business."
Speaking to ComputerWire yesterday, Scott Chasin, CTO of MX Logic Inc, said that two years was also discussed as a tentative deadline for net-wide deployment of the Sender ID email sender authentication spec at a recent meeting of technologists.
"The two-year timeline is running deep in a lot of circles," Chasin said. He said he sees rollout of Sender ID evolving gradually, though there was some discussion about big ISPs enforcing Sender ID support to anybody wanting to send to their users.
Most people involved in the spam debate agree on another Gateism, that there's no "silver bullet" or "magic bullet to the spam problem. Spammers have shown themselves adept at circumventing many types of countermeasure.
"Has anyone got that final ultimate solution to problem of spam?" Cox asked the ITU meeting's delegates. "There is no such solution, if there was, spam would change to get around it."
"Even if we can address spam problem in two years time, there will be some other misuse of the internet coming along," David Brunswick, of Tumbleweed Communications Inc and the Anti-Phishing Working Group, told the meeting.
July 9, 2004 at 07:57 AM in Spam | Permalink | TrackBack (15) | Top of page | Blog Home
July 07, 2004
Regulators from 60 countries start to tackle growing tide of spam
Regulators from 60 countries start to tackle growing tide of spam
GENEVA (AFP) - Regulators from about 60 countries began a meeting at the UN's top telecommunications agency to try to stop the growing tide of unsolicited e-mails or "spam" that threaten to drive users and businesses off the Internet.
"It's a disease which has spread around the world. We have an epidemic on our hands which we need to control," said Robert Horton, the acting head of the Australian Communications Authority who is chairing the three-day meeting in Geneva.
Some studies indicate that spam now accounts for up to 75 or 85 percent of inbound electronic mail, according to the UN's International Telecommunciations Union (ITU).
"Clearly it's more irritable than it was even 12 months ago where it could have been 35 percent, and people might have tolerated it to a certain level," Horton told journalists.
"People are less tolerant today and are prepared to walk away from the Internet and stop using it in their business and in their private lives," he added.
Horton said he hoped that the meeting, the first of its kind, would trigger greater international cooperation needed to bring spam under control within two years.
As a first step, regulators are likely to set up a register of contacts in individual countries, where the problem is often dealt with by different government telecommunications, broadcasting or trade agencies.
They are also aiming to swap notes over different types of legislation which are being implemented in countries including the United States, South Korea and Britain.
July 7, 2004 at 08:16 PM in Spam | Permalink | TrackBack (23) | Top of page | Blog Home
June 17, 2004
Programs: ChoiceMail Puts a Stranglehold on Spam
Yahoo! News - Programs: ChoiceMail Puts a Stranglehold on Spam
By Gene Emery
PROVIDENCE, R.I. (Reuters) - I don't need Viagra, my credit is fine, and somehow I doubt the PhD offered via e-mail with "no required tests, classes, books, or interviews!" is going to be worth much. If you're inundated and infuriated by spam, the newly released free version of DigiPortal Software's ChoiceMail may prevent you from going postal.
I've found it does a wonderful job of mopping up the insidious e-mail that gets past most spam filters.
I receive, on average, about 33 pieces of junk mail per day. The spam blocker offered by my Internet provider screens out 75 percent of the messages, but one in four still get through, partly because spammers keep finding ingenious and insidious new ways to get past the filters. One way is by spelling Viagra "V!(at)gra."
ChoiceMail takes a different approach. It uses all the names in your electronic address book to create a "whitelist" of people you probably want to hear from. Messages from them will get through automatically, unless you decide otherwise. If you send e-mail to someone, ChoiceMail automatically adds that address to your whitelist -- another feature that can be turned off, if you wish.
When someone who is not on the whitelist sends an e-mail, the message is moved, as if by an occult hand, into an "Unknown senders" folder. Senders then get an e-mail reply announcing that their message won't be delivered until they go to a Web page and fill out a short challenge form, which, as it turns out, isn't particularly challenging. It simply requests the sender's name, asks that individual to write a brief message, and type in a number that appears on the screen, which prevents an automated response.
DigiPortal says it's akin to your asking "Who's there?" when you hear a knock on the door.
The sender has four days to respond, otherwise their message is sent to the Junk Box, where it is held for a few more days before being automatically deleted. The program allows you to change the holding time.
If the sender has filled out the form, an on-screen message alerts you. A simple click will send you to the "Senders waiting for your approval" screen.
At that point, you can decide to accept that one piece of e-mail, accept all future e-mails from that sender, or put them on a "blacklist" that automatically deletes all their correspondence. If you choose to blacklist someone, the program gives you the option to e-mail an explanation.
ChoiceMail also allows you to accept all mail from a particular domain, such as Reuters.com, regardless of who is sending it to you.
The system isn't foolproof.
Newsletters, for example, are often sent from e-mail addresses that are incapable of receiving mail, so they might get lost.
In my case, ChoiceMail held up newsletters from quackwatch.org, which tracks the often-nefarious doings of people who hawk untested medical treatments; snopes.com, which checks the truthfulness of stories you hear via the Internet, and a newsletter for curmudgeonly journalists called the Burned-Out Newspapercreatures Guild (BONG) Bulletin, which tries to encourage ink-stained wretches like moi to work the phrase "occult hand" into their stories.
This is why it pays to periodically go through the "Unknown senders" folder or the Junk Box to see if you're missing anything important.
Once again, if you find something that should not have been blocked, you have the option of instantly adding senders or their company/organization to your whitelist.
The program also lets you create rules for blocking or allowing messages. For example: I've set up my program so that any message that mentions "Reuters" gets through.
ChoiceMail has a great system for previewing questionable messages. Rolling the cursor over a message reveals the first few words. If you double-click on the message, you can read the text without having to worry about viruses.
One problem I found: Some senders may not see the reply inviting them to fill out the challenge form.
When a friend with a Yahoo account tried to send me a message, the reply from ChoiceMail was treated as spam and sent to the Yahoo "Bulk Mail" folder, where it was missed.
The free version of ChoiceMail lacks some features included in the paid version, which costs $40. With the paid version, called ChoiceMail One, you can customize the reply that senders receive, protect an unlimited number of e-mail accounts, and use the program on Webmail from Yahoo, AOL, MSN and Hotmail.
For most consumers, "ChoiceMail Free" should work just fine. It can be downloaded from http://www.DigiPortal.com.
June 17, 2004 at 10:04 PM in Spam | Permalink | TrackBack (16) | Top of page | Blog Home
June 14, 2004
Trapping spam
Internet service providers are casting their nets to catch the rising tide of unwanted e-mail messages
RACHEL ROSS
Cast a big net and you'll catch a lot of fish.
Cast a better net and you'll save the dolphins.
For years, Internet service providers have struggled to keep unsolicited e-mail, or spam, out of our inboxes. Incoming spam frustrates their customers and outgoing spam can use up a lot of bandwidth. All that adds up to money lost.
So they've cast their nets far and wide, in an attempt to catch the spam while the legitimate e-mail flows through. Many of the spam filters used today rely on a rules-based review of the e-mail's content. Not all legitimate e-mail follows the rules, however. Sometimes important messages get caught in the process, never to be seen by the intended recipient.
But that's all about to change. Some of the biggest names on the Internet are already building better nets. America Online Inc. (AOL), Microsoft Corp., Yahoo Inc. and IronPort Systems Inc. are all developing new ways to secure e-mail so messages can be traced back to their roots. Some systems simply seek to eliminate unwanted messages, others are designed to make the spammers pay by putting a dollar value on bad behaviour.
"The spam problem is worse than ever, in terms of the number of messages sent," said Sean Sundwall, corporate public relations manager for Microsoft Corp.
He said that, as of May, 64 per cent of mail sent to people who use Microsoft's Hotmail service was considered spam.
At the same time, Sundwall said Hotmail users are likely seeing less spam in their inboxes lately because Microsoft's filtering system keeps a lot of the junk out. Such filtering systems generally work by scanning incoming e-mail messages for words and phrases commonly used in unsolicited e-mail advertisements.
Unfortunately, filtering systems sometimes accidentally stop legitimate e-mail from reaching their intended recipients.
ThinData Inc. of Toronto helps companies reach their customers via e-mail by carefully crafting their messages so they aren't caught in the net intended to trap spam. Unlike spammers who e-mail ads indiscriminately to any e-mail address they can find, ThinData's clients only send e-mail to people who have actually asked to receive more information about their company.
However, some filters aren't very good at discriminating between spam and ads that people sign up to receive.
One filter called SpamAssassin looks for words such as "Free" or "Click Here" and large, bold, coloured fonts. A subject line that starts with the word "Buy" or "Buying" would also increase the likelihood that the e-mail will be blocked. The more spam-like qualities an e-mail has, the more likely it will be blocked.
"Certain filters are very aggressive," said ThinData's vice-president of client strategy, Wayne Carrigan.
He suggests his clients run their marketing messages through SpamAssassin, to see how "spammy" they appear and then change the wording or formatting as necessary.
But it's not a foolproof solution. Despite their best efforts, many legitimate marketers still have a hard time reaching everyone on their mailing list because of overzealous filters.
"Companies wouldn't necessarily know if their e-mail got through," Carrigan said.
Moreover, once spammers get wise to the rules behind Spam-Assassin they will likely adjust their content so it appears less spammy too. Then it becomes a game of cat and mouse, where the spammers try to stay one step ahead of the filters.
Microsoft, AOL and Yahoo believe content filters are valuable. But they believe new kinds of filters are also needed to stop the rising tide of spam. All are essentially designed to do the same thing: check whether the e-mail really came from its stated origin.
Given our reliance on e-mail, it's a surprisingly insecure form of communication. The current e-mail system never questions the validity of a sender's address.
"Right now in the Internet world you can't know for certain whether an e-mail that claims to be sent from Microsoft, for example, is really from Microsoft," said Sundwall.
This has led to a relatively new phenomenon called phishing, where an evildoer sends out e-mail posing as a company representative and requests personal data. Last week, the Royal Bank of Canada was caught up in such a scam. Someone was sending out e-mail that appeared to be from the bank and asking people for their banking passwords. Bank spokesperson Judi Levita said the sender's address was listed as support@royalbank .com but the mail wasn't sent by the bank. It was sent by a scammer looking to steal some cash.
If e-mail addresses could be verified, scams like this wouldn't be a problem. Sundwall said spammers would also take a hit.
Most of the spam we receive is also from parts unknown. That's why it's so easy for spammers to escape the law: Their real identity is usually hidden behind a phony e-mail address.
Microsoft's spam solution is called Caller ID for E-mail. This system takes advantage of the one thing on an e-mail that cannot be forged: the Internet Protocol (IP) address. All over the Internet are special machines dedicated to sending and receiving e-mail. Each of those machines gets an IP address. It's sort of like a street address for computers.
There is already a global listing of IP address for the machines that accept e-mail. Under the Caller ID plan, a new list would be created for all of the machines that send mail so that, before an e-mail is transmitted, it would be stamped with the IP address of the machine that sends the e-mail on its way. Each IP address would be listed in the directory along with all the domain names that are authorized to send mail from that machine.
The IP address 203.170.241.26 might be responsible for mail from the domain names banana.com and rutabaga.com. (One IP address is often responsible for many domains.) An e-mail that was purportedly from peel@banana.com, for example, would only be accepted if the IP address on the e-mail was 203.170.241.26. Even then, the e-mail might be rejected. It all depends on the sender's reputation. If a verifiable sender has gotten a lot of complaints for spamming, the message might get turned away.
AOL is backing a very similar strategy known as the Sender Policy Framework (SPF). It also involves checking domain names against public directory of IP addresses for outbound e-mail servers. SPF just goes about it in a different way.
Alex Lesley, AOL Canada's vice-president of technology, said AOL implemented SPF in December and today some 14,000 Web domains are on board.
The technical differences between SPF and Caller ID will soon be moot, however. AOL and Microsoft recently announced that they will work together to develop one solid protocol for double-checking domain names against IP addresses.
Sundwall said he'd like to call the new merged strategy Sender ID, but nothing has been decided yet. It will likely be months, in fact, before a new merged strategy is ready to be put to use.
Yahoo's strategy, known as Domain Keys, is decidedly different. Its plan involves authenticating the entire e-mail, not just the address. Miles Libbey, anti-spam product manager for Yahoo Mail, said the Domain Key strategy offers a lot more than either SPF or Caller ID because it ensures the integrity of the whole message.
"With the Domain Keys solution it allows us to say the entire message was in fact created by the author," Libbey said.
The keys in such a system aren't the little metal pieces you shove into your door at home. They are actually composed of a series of text characters that can be processed much like numbers. There's a lot of math involved in this approach, but basically the keys are used to identify whether an e-mail really came from the purported sender and whether the contents of the message have been altered.
If the e-mail is validated and the sender isn't a known spammer, then the message goes through.
AOL's Lesley said he believes the Domain Key strategy would be harder to implement, but said it isn't necessarily incompatible with Caller ID or SPF. Ultimately, a multi-pronged approach could evolve.
IronPort Systems, Inc. of San Bruno, Calif., would like to add its own prong to that fork: the Bonded Sender system. With Bonded Sender, companies pay for bad behaviour. Participating companies would reveal their IP addresses and also put up money in the form of a bond. If enough people tell IronPort the company is sending spam, their bond is debited.
"It's an incentive for the company to never send spam," said IronPort's senior director of product management, Peter Schlampp.
He said the bond ranges from hundreds to thousands of dollars depending upon the amount of e-mail the company typically sends. Debited funds will go to various charities.
Microsoft backs the Bonded Sender strategy. Sundwall said he thinks it's a good addition to the Caller ID and SPR ideas.
"What (traditional) filtering does is trying to catch the bad guy," Sundwall said. "We want to shift the model to trying to identify the good guy."
Bonded Sender, he said, would achieve that goal so that mail from the "good guys" would have a better chance of making it to the intended recipient.
Bonded Sender is somewhat controversial, however. Some in the industry worry the system could shut out small business, for example.
Sundwall said companies that can't afford to put up a bond could still participate in the Bonded Sender program. Instead of money, these businesses would pay in speed. Special software on the sender's machine would force the machine to solve "computational puzzles" in the background, ultimately slowing the rate at which mail could be sent.
All the mail sent using this slower method would be specially flagged as legitimate mail, instead of spam.
"It basically limits the amount of mail a computer can send before it crashes," Sundwall said.
(Individual users wouldn't have to pay to send e-mail under such a scheme. As with the other proposals mentioned, those who choose not to participate would have their e-mail screened using more traditional filters, such as the content filters that are so common today, which search for words and phrases commonly used by spammers.)
All of the new proposals still need work, however. A recent study by the E-mail Service Provider's Coalition (ESPC) found significant problems with the Bonded Sender plan.
According to Direct Marketing News, the ESPC felt that the system was far too stringent. It would only take one complaint in a million to warrant a debit.
Schlampp said he wasn't aware of the complaint threshold issue, but he admitted that sometimes people complain about mail that isn't really spam at all.
"There are lots of false reports," he said.
Sometimes people just get confused or forget they have actually subscribed to a mailing list.
As with all these ideas, marketers say it's important that there's a proper feedback loop so that they can complain if they are improperly blacklisted.
These new filters will need to be more widely implemented before end users see a real reduction in the amount of spam they receive.
But Sundwall said we could see a big difference by the end of the year if enough companies adopt the free protocols that Microsoft is backing.
Sundwall said he hopes that these protocols, along with existing filtering systems, can all be used together to provide an accurate way to identify and isolate spam.
Content filtering alone is not enough. It's just too prone to error and easy for spammers to thwart. But if we can assess e-mail on the basis of its content and the sender's reputation we might be able to haul in the perfect catch.
June 14, 2004 at 07:57 AM in Spam | Permalink | TrackBack (16) | Top of page | Blog Home
May 30, 2004
70% of emails now spam
70% of emails now spam - Web User News
27/05/2004
Gail Robinson
Junk mail now accounts for nearly 70% of emails worldwide, according to the latest figures from email filtering specialists MessageLabs.
And there could be worse to come: 83% of all email traffic in the US is spam and MessageLabs predicts the UK will see US style spam levels by the end of the year.
40% of spam is healthcare related (were sure youve noticed all those Viagra and wonder diet messages clogging your in-box). However porn spam seems to be on a downslide. Filtering company Clearswift produces a regular Spam Index and found that just 4.8% of spam is pornography related.
A spokesperson for the company reasoned: It appears that adult products and services are not generating sufficient returns for spammers. Instead, they are switching to more profitable models using stock tips and consumer products as a hook.
Those Clearswift results in full
40% is healthcare related
37.8% is financial
12.8% is direct products
4.8% is pornography
May 30, 2004 at 01:51 PM in Spam | Permalink | TrackBack (37) | Top of page | Blog Home
May 28, 2004
Spam surge 'turning Britain into e-pariah'
Spam surge 'turning Britain into e-pariah'
By Graeme Wearden, ZDNet UK
Criticism of the UK's spam laws is growing nearly as quickly as the problem of junk mail itself
The government's failure to give businesses protection from unsolicited commercial email risks turning the UK into an Internet outcast, according to one of its political opponents.
The government's failure to give businesses protection from unsolicited commercial email risks turning the UK into an Internet outcast, according to one of its political opponents.
Michael Fabricant, the shadow minister for economic affairs, claimed this week that Britain's anti-spam laws need to be strengthened, given the continued rise in the amount of junk mail being received by email users.
"I believe that this legislation needs to be looked at again if Britain isn't to become a pariah nation amongst the global e-community," said Fabricant in a statement that largely repeated a speech he gave earlier this year.
MessageLabs reported this week that spam now makes up almost 70 percent of all mail sent worldwide, indicating that the problem is getting worse. In January it was reported that Britain had become one of the top ten countries responsible for sending spam.
The government brought in legislation last year that made it illegal to send unsolicited commercial mail to a personal email account, but which gave no protection to business accounts.
This decision has been heavily criticised by experts. As ZDNet UK reported last month, it's unlikely that any suspected spammer will face prosecution this year, due to the limited powers that have been given to the Information Commissioner, who is enforcing the law.
Government officials recently met with the Office of the Information Commissioner to discuss whether the law should be tightened up.
A spokeswoman for the Office of the Information Commissioner said on Friday that these discussions were ongoing with "nothing promised either way".
May 28, 2004 at 10:29 PM in Spam | Permalink | TrackBack (46) | Top of page | Blog Home
Spam master off to slammer
TheStar.com - Spam master off to slammer
`Buffalo Spammer' gets the maximum
Carmack sent out 825 million e-mails
WASHINGTON - A New York state man who sent out millions of "spam" e-mails has been sentenced to 3 1/2 to seven years in prison.
Howard Carmack, known as the "Buffalo Spammer," received the maximum sentence for 14 counts of identity theft and forgery, the state attorney-general's office said yesterday.
Carmack sent out 825 million bulk e-mail messages using stolen identities and forged addresses, the court found, and was the first defendant to face charges under the state's new identity-theft statute.
He was found guilty in April.
The forgery conviction fetched the longest sentence, while the other convictions drew shorter sentences of one year to four years. All will be served concurrently, said Brad Maione, spokesperson for Attorney-General Eliot Spitzer.
With good behaviour in prison, Carmack could be out in 3 1/2 years, Maione said.
Internet provider EarthLink Inc. won a $16.5 million (U.S.) judgment against Carmack last year, and EarthLink officials testified in the criminal trial as well.
"We're satisfied that today's sentencing sends a strong message to spammers, and EarthLink will continue to investigate spammers and work with law enforcement," EarthLink lawyer Karen Cashion said.
Many of Carmack's alleged activities are illegal under a national anti-spam law that took effect in January, seven months after he was charged.
reuters news agency
May 28, 2004 at 07:55 AM in Spam | Permalink | TrackBack (50) | Top of page | Blog Home
May 23, 2004
Spammers get fussy as zombie army grows
Spammers get fussy as zombie army grows
By Munir Kotadia, ZDNet UK
Is your Internet connection actually worth infecting? The Bobax worm tests PCs first to see if they'll be good spam zombies
The Bobax worm, which is less than a week old but has already spawned four variants, is one of the first worms to conduct a bandwidth test on its infected host to see if it is worthy of being used as a spam zombie.
Bobax uses a combination of the Windows vulnerabilities exploited by the Sasser worm and the MSBlast worm. Although Bobax is unlikely to spread very far because larger companies have already applied the relevant Microsoft patches, its behaviour shows that virus writers and professional spammers have taken control of more than enough computers to fulfil their requirements -- and are now able to get fussy about which ones to use.
Mikko Hyppnen, director of antivirus research at Finnish company F-Secure, said that although the Bobax worm infects any vulnerable machine, it has a bandwidth testing utility built in, which is used to help the virus authors decide if the infected machine has a fast enough Internet connection to be worthy of recruitment into their army of zombie spam relays.
The virus performs its bandwidth test by instructing the infected computer to download a large file from a public FTP site. Once the virus has collected some bandwidth statistics, it contacts the virus's author so it can be used as required, depending on the spammer's bandwidth requirements.
"The spammers have so many machines to choose from, they have the luxury of picking only the best of the crop -- the machines with the fastest connections and the widest bandwidth," Hyppnen said.
Graham Cluley, senior technology consultant for antivirus firm Sophos, said that being able to pick the fastest computers with the most bandwidth makes a lot of sense for spammers, but this behaviour means that they are spoilt for choice when it comes to machines they can exploit.
"It's fantastic being a spammer because you have this wonderful array of computers all around the world to go and infect -- it's not as though they have to battle over a few thousand computers," Cluley said.
F-Secure's Hyppnen said that although Sasser has already forced many people to update their machines, there is a constant stream of vulnerable computers being connected to the Internet.
"If someone buys a brand new computer today and puts it online, it won't have the patches. The first virus it will be infected by will most probably be Bobax," Hyppnen said.
May 23, 2004 at 11:08 PM in Spam | Permalink | TrackBack (34) | Top of page | Blog Home
May 20, 2004
Spamming for Dollars
Yahoo! News - Spamming for Dollars
By Cynthia L. Webb, washingtonpost.com Staff Writer
Fighting spam has turned into such a big business that anti-spam companies are becoming a hot commodity of their own.
Computer security firm Symantec is scooping up Brightmail, a San Francisco-based anti-spam and security software maker, in a $370 million cash deal, the company announced yesterday. It's a different exit strategy for Brightmail, which had filed plans to go public in hopes of raising some $80 million.
The decision bucks the trend set by Google and other companies, including BlueNile, to trust in the Street as the technology sector mends.
"The move suggests that despite so-called Google fever, entrepreneurs and their backers are considering various options in the face of a still-uncertain IPO market. Some venture capitalists are pushing private companies to merge rather than take the public-offering route, as a revenue-producing company can command almost as large a valuation with a sale as it would with an IPO. Brightmail, which reported revenue of $26 million in 2003, had received backing from several venture-capital firms, including Accel Partners and Technology Crossover Ventures, both of Palo Alto, Calif.," The Wall Street Journal reported. The paper noted that Symantec already held a roughly 11 percent stake in the company, but wanted to buy Brightmail to boost its security products.
The Wall Street Journal: Symantec To Buy Brightmail, Averting An IPO (Subscription required)
The San Jose Mercury News said the acquisition "gives Symantec a foothold in one of the hottest areas of computer security -- helping customers filter out billions of unwanted e-mail messages. Spam increasingly is seen as not just an annoyance but also as a security threat. The mass messages often carry computer worms and viruses. Symantec, the maker of Norton anti-virus software, has been working to offer businesses a wider array of computer security products and services." On that note, CNET's News.com reported that Symantec has acquired a number of companies in the past two years, including SafeWeb and On Technology.
The San Jose Mercury News: Symantec To Buy Anti-Spam Company (Registration required)
CNET's News.com: Symantec To Buy Brightmail
Symantec's competitors have also been on a buying spree. "Symantec and its closest rival Network Associates Inc. have been acquiring smaller computer security companies as they seek to offer a wider package of network and computer security to large businesses. Spam has become a growing concern for companies and individuals, resulting in clogged network traffic and wasted productivity in the time people spend to eliminate unwanted ads touting everything from miracle herbs to get-rich-quick schemes," Reuters said.
Reuters: Symantec To Acquire Antispam Company Brightmail
Symantec explained more about why it decided to acquire Brightmail, which was already a partner for the company. "Spam has increasingly become one of the most severe threats to individuals and enterprises today, topping viruses as the number one problem plaguing email systems and administrators," said John W. Thompson, Symantec chairman and chief executive, in a statement. Steve Cullen, Symantec's senior vice president of security products and solutions, told the Merc: "We are big believers that to protect against these blended threats, you really do need to have multiple technologies."
The Associated Press detailed how Brightmail's technology works. "San Francisco-based Brightmail provides software that uses filters and other proprietary technologies to block spam at the customer's Internet gateway, the point at which Internet traffic enters the public network. Brightmail's corporate customers include eBay Inc., Deutsche Bank, Cisco Systems Inc. and Bechtel Corp. It also provides spam protection to major Internet service providers, including AT&T WorldNet, Cox Communications, EarthLink, MSN and Verizon Online.
The Associated Press via washingtonpost.com: Symantec To Buy Antispam Firm For $370 Million
Sex and the Single Spammer
In other spam news, sexually explicit spam now must be clearly labeled per a new Federal Trade Commission rule that went into effect yesterday. The rule is mandated by a six-month-old national anti-spam law that already is under fire from a number of different quarters for being ineffective in cutting the amount of junk mail flooding the nation's in-boxes. Speaking for myself, I got a slew of shady e-mails this morning alone that weren't kid-friendly and bore no label... Indeed, to the spam industry this rule might be nothing more than a hiccup, despite assurances from the rule's supporters who will say, "just give it time."
More on the rule, courtesy of The Associated Press: "The rule also bars graphic images from appearing in the opening body of the message. Instead, the recipient must take some action in order to see the objectionable material, either by scrolling down in the e-mail or by clicking on a provided link. Spammers who violate the rule face possible imprisonment and criminal fines of up to $250,000 for individuals and $500,000 for an organization. But tracking down violators can be difficult because spammers often try to escape being directly identified by using forged return addresses or by bouncing their e-mails through unprotected relay computers on the Internet."
The Associated Press via washingtonpost.com: FTC Requiring Labels On Explicit Spam (Registration required)
Open Sesame
For many people, using a wireless phone has provided a haven from telemarketers. Not for long.
"After years of anonymity, the numbers of most of the nation's mobile phones will be compiled later this year in the first wireless directory. The database being assembled by the Cellular Telecommunications and Internet Assn. is expected to include about 75% of the 163 million mobile phones in the United States, making looking up a wireless number as easy as dialing 411," The Los Angeles Times reported today. "The association is pitching the directory as a boon for real estate agents and other on-the-go professionals who want people to be able to find their mobile numbers. But privacy advocates, some members of Congress and even a major cellular carrier -- Verizon Wireless -- fear that mobile phones, once immune to telemarketers and e-mail spammers, could become as vulnerable as home telephone lines and computer in-boxes."
The Los Angeles Times: Coming Soon: A Cellphone Directory (Registration required)
A Phat Telco Deal?
The telecom sector is showing new signs of life. Tellabs Inc. today said it has inked plans to buy Advanced Fibre Communications for $1.9 billion in cash and stock. The deal creates "a major player in the telecommunications-gear market as the industry switches to broadband standards," Dow Jones Newswires reported, noting that Tellabs makes data, voice and video transport and access systems.
The Associated Press said "Tellabs has been through major changes in the past few years. The company has slashed jobs, shuttered all plants and outsourced manufacturing to focus on research and development and services."
Dow Jones Newswires via The Wall Street Journal: Tellabs to Buy Advance Fibre For $1.9 Billion in Cash, Stock (Subscription required)
The Associated Press via washingtonpost.com: Tellabs Agrees To Buy Telecom Supplier AFC (Registration required)
Speaking of telecom, The New York Times today detailed Lucent Technologies's efforts to put the telecom sector's dark days behind it. An excerpt: "Patricia F. Russo has little time to exhale. As chairwoman and chief executive of Lucent Technologies, she has returned the telecommunications giant to modest profitability by eliminating tens of thousands of jobs, slashing billions of dollars in debt and settling major lawsuits with investors. This week, the company settled a suit by the Securities and Exchange Commission (news - web sites) over its accounting practices, and agreed to pay a $25 million fine," the newspaper said. "But Ms. Russo, who took the helm at Lucent during the depths of the telecommunications collapse in 2002, is anything but sanguine. Having staved off Lucent's financial freefall, she is now in a race against time to develop new products and services that will allow Lucent to survive as the entire industry changes around it."
The New York Times: Chairwoman Pulls Lucent Back From the Brink, but Not Out of the Woods (Registration required)
Put on Your Game Face
Sammy Corp., a Japanese gaming company known for its pachinko pinball machines, is purchasing video game company Sega Corp. in a stock deal valued at $1.4 billion, the companies said.
The San Francisco Chronicle noted for "Sega, which has its U.S. headquarters in San Francisco, the acquisition closes a turbulent chapter for one of the most recognizable names in video games. The company, best known for its speedy Sonic game character, has been struggling for the last few years and has been rumored to be a takeover target. Last year, Sega reported $77 million in net income on $1.7 billion of revenue. Sammy reported profit of $285 million on $2.2 billion in sales. Combined, their revenue would exceed Konami Corp., the largest Japanese game software firm. The two firms will combine their operations to create a new subsidiary, Sega Sammy Holdings Inc., by Oct. 1, and fully integrate the businesses by March 2007, the firms said."
Reuters reported that Sega shares "soared on Wednesday after its top shareholder, Sammy, said that it would buy out Sega and merge the two companies under a holding company," but added later that "analysts expressed skepticism about a planned merger that failed last year, after the two sides disagreed on management style and other terms of an integration. In subsequent months, industry watchers speculated that Microsoft was interested in buying Sega."
The San Francisco Chronicle: Pachinko-Maker To Acquire Sega
Reuters via CNET's News.com: Sega To Be Bought By Arcade Giant
Microsoft: Corporate Coupon Cutter
Times are good for Microsoft. The company has oodles of cash in the bank and the company is making strides to beat back various legal volleys. But the company is looking for ways to save more dough in these leaner economic times and is cutting some employee benefits to slash costs, The Seattle Times and Seattle Post-Intelligencer reported today. "The company announced to workers Tuesday that it was cutting prescription-drug benefits, tightening parental-leave policies and making it more expensive for them to buy stock. It also will decrease the vacation time given to future employees. The cuts are expected to save the company at least $80 million a year, and come as part of an across-the-board effort to reduce costs. Microsoft has promised investors it will limit new spending in the coming year," the Times reported.
The Seattle Times: Microsoft Cuts Some Perks With An Eye On Bottom Line
The Seattle Post-Intelligencer: Microsoft Trims Benefits To Cut Costs
Filter is designed for hard-core techies, news junkies and technology professionals alike. Have suggestions, cool links or interesting tales to share? Send your tips and feedback to cindyDOTwebbATwashingtonpost.com. (Yes, those spammers have been having a lot of fun with my e-mail address lately.)
May 20, 2004 at 07:10 PM in Spam | Permalink | TrackBack (24) | Top of page | Blog Home
April 06, 2004
Europe's War on E-Mail Spam Claims First Scalps
Yahoo! News - Europe's War on E-Mail Spam Claims First Scalps
Tue Apr 6, 5:21 AM ETAdd Technology - Reuters Internet Report to My Yahoo!
By Bernhard Warner, European Internet Correspondent
LONDON (Reuters) - E-mail spammers take heed: Europeans are finally winning legal tussles against digital peddlers of get-rich-quick schemes, sexual aids and pornography.
Some of the world's biggest e-mail providers, including Microsoft Corp and Time Warner's AOL Internet unit have begun to build cases against spammers from a mountain of consumer complaints -- and scoring legal victories.
In December, a German court ordered three companies to stop sending pornographic e-mails to Microsoft's Hotmail users. And a French court recently issued a cease and desist order on a man who admitted sending 150,000 e-mail offers for an "electric-pliant scooter" to AOL and Hotmail users.
The trickle of successful prosecutions isn't likely to end the flow of unsolicited e-mails any time soon, spam fighters point out, but it does offer consumers some hope that justice is at hand.
"Spam is very high on the agenda of most governments. It is a difficult matter to tackle, but we are seeing some progress on this front," said Beatrice Belmas, director of legal and corporate affairs for Microsoft in Europe.
SPAM JUSTICE
In the United States, where the legal crackdown started years earlier, dozens of courts across the country have fined spammers and ordered them to cease their activities.
Now, more cases are pending across Europe including in Denmark and Sweden, Microsoft and AOL say.
The legal clampdown is occurring at a point when the daily flow of spam has surpassed legitimate e-mail.
And, police suspect, organized crime gangs are using spamming tactics to defraud online banking customers out of their passwords and banking details or spread computer viruses capable of taking over people's PCs. "What needs to be done is to fight spam on all fronts, including bringing the big spammers to justice, and Europe is willing to cooperate," said Eric Walter, who heads anti-spam efforts for the French Prime Ministry.
France's consumer protection council CNIL has begun working with U.S. government agencies, including the Federal Trade Commission, to track down the biggest international spammers.
SPAM LAW BACKLOG
Many believe international cooperation, and perhaps multi-national treaties, will be needed to stop the global spam flow.
But before prosecutors can expect the big international collar, there are still legal snags in Europe. Last week, the European Commission (news - web sites) threatened to take eight member nations, including Belgium, France and Germany, to the European Court of Justice for failing to implement the EU privacy directive -- a broad law that criminalizes the distribution of e-mail to users without their permission.
Spam fighters would like to see new laws include hefty fines and jail time for repeat offenders.
"The problem with fines is that you are dealing with fraudsters. They have no intention of paying," said Steve Linford, founder of British-based spam-fighting group The Spamhaus Project.
Another obstacle is the courts themselves. Spam cases are new territory for judges and prosecutors.
"We have gone to court only to find that judges have never used the Internet before. It's an education we do on the spot. But they are really very interested," said Microsoft's Belmas.
Still, the world's biggest e-mail providers continue to invest heavily in an anti-spam effort that includes both new technological remedies and lawsuits.
"We cannot wait. Our goal is to do as much as necessary to significantly reduce the pain," she added.
April 6, 2004 at 01:57 PM in Spam | Permalink | TrackBack (21) | Top of page | Blog Home
March 25, 2004
Stand and Fight: An Arsenal for Spam Victims
Basics: Stand and Fight: An Arsenal for Spam Victims
By J. D. BIERSDORFER
HE subject lines on junk e-mail may present rich source material for cultural anthropologists, but for most users, spam is simply a maddening headache. Fortunately, effective weapons are emerging in the Battle of the In-Box.
You can install special software that works alongside your e-mail program to filter incoming messages, or choose a new e-mail program with ingenious spam-blocking features. Or, because spammers frequently use fake return addresses to evade filters as they blast out millions of messages, you may choose to install a companion program that requires the sender to verify his or her identity before the message can be delivered. Such options enable you to stand firm against spam without having to get a new e-mail address.
Add-On Programs
Most of the programs created specifically for screening out spam have a similar lineup of features. They allow you to import the names in your e-mail address book so that all your regular correspondents are already on the approved list. You can create custom filters and set the software to monitor several e-mail accounts. Some of the programs even provide handy toolbar buttons that integrate with common programs like Outlook Express, so that a junk message can be disposed of with a click.
These types of programs, most of which work with a variety of e-mail software, give you considerable control in managing your spam. They run independently of your mail program, though, so you have to remember to start them up. Once you do, the spam-swatting program typically checks your mail server and downloads the mail, filters it and then sends on the legitimate mail to your regular in-box. You can scan the contents of the program's spam holding pen, rescue any mistakenly blocked messages and quickly delete the rest.
SpamKiller 5.0, McAfee Security's latest spam-busting program, works with most stand-alone e-mail programs for the PC that use the POP3 or MAPI protocols for fetching mail from the mail server, as well as with MSN/Hotmail accounts. It requires Windows 98 or later and can be downloaded for $39.99 at www.mcafee.com or purchased on CD for $49.95; a yearlong subscription for filter updates is included.
The program's filters are thorough; they even have the scanning power to quash scams and virus hoaxes forwarded by friends. SpamKiller can generate complaint letters to be sent to the spammer's Internet provider, although spammers' addresses are so commonly forged that this tactic is less effective than it once was.
Spamfire Pro from Matterform Media works with just about any e-mail program using the POP3 protocol and it is also one of those rare programs that works with both Windows 98 and later and Mac OS 9 and X. A free 15-day trial version is available for a test drive, and buyers ($39.95; www .matterform.com) get a free year of spam-filter updates. The program's graphical toolbar lets you quickly add friends and enemies to your filter lists, and even more gratifying, it offers a Revenge menu.
The Revenge menu, which comes with a disclaimer warning against abusing it, includes straightforward tasks like generating a fake bounce message to indicate that your e-mail account has been closed. If the message seems like a scam, you can use the menu to forward it to the Federal Trade Commission.
The Revenge menu includes two more satisfying options for those who have had quite enough spam, thank you. A Bug the WebBugs feature strips out the invisible tracking code buried in the message and replaces it with gibberish or any message you choose before sending it back to the spammer's logs. And a Toll-Free Numbers item locates the free telephone numbers listed in the spam in case you would like to personally tell the merchant what you think of his marketing efforts.
Built-In Filters
Some e-mail programs themselves now include aggressive mail-blocking tools, eliminating the need for you to buy and install a separate program just for spam control.
Eudora 6.0 by Qualcomm, the latest edition of a 15-year-old e-mail program named after the author Eudora Welty, works with most versions of the Windows and Macintosh operating systems using the POP3 or IMAP4 protocols for e-mail. There is a free version of Eudora, but it is the paid edition that gets you integrated spam filtering. The full version of Eudora 6.0 sells for $49.95 (an upgrade is $39.95) at www.eudora.com.
Longtime Eudora users will find a mostly familiar interface, with an addition: a SpamWatch feature. After setting up SpamWatch in the program's preferences and deciding how aggressively you want to screen your mail (stricter settings increase the chance that legitimate messages get nabbed, but looser restrictions may allow more spam to slither through), you simply let Eudora check the mail as usual.
As the program downloads mail from the server, it quickly screens each message. Messages that trip your selected SpamWatch trigger get dumped in a Junk mailbox and everything else continues on its way to you. If spam does get through, you can either select the message and label it as Junk for the program's future reference or raise the filtering level by adjusting your SpamWatch preferences.
Many other e-mail programs, including Web-based mail systems like Hotmail, are now including dedicated spam filters. Microsoft Outlook 2003 has an option for screening junk mail, America Online 9.0 Optimized for Windows gives users more control than ever for spam screening and the Junk filter in the Apple Mail program for Mac OS X 10.2 and later efficiently shuttles spam into its own mailbox.
Challenging the Sender
Filters are always locked in a race with spammers, who will struggle to enter the in-box any way they can. An alternative approach is to use a "challenge response" program, which typically requires senders to prove they are who they say by answering an automatic e-mail reply triggered by their message to you. Obviously, this is something that spammers do not stick around to do after dumping their bulk mail.
ChoiceMail One 2.1 from DigiPortal Software is a challenge-response program that works with most Windows systems and e-mail software. You can have the program put the people in your address book on an approved list; anyone else who sends you mail must fill out a form and send it back.
Once you get the form back, you can decide whether to add the sender to your approved list. Since most spammers will never respond to the form letter, their junk mail is effectively blocked. The program, which sells for $39.95 at www.digiportal.com, can gather up and screen the mail from all your various POP3 mail accounts as well as from Web-based mail systems like Yahoo, Hotmail and America Online.
Zaep AntiSpam 2.0 from RhinoSoft, another system for Windows, is a little more complicated to set up and requires you to keep a computer on all the time, but families and small businesses with multiple e-mail accounts and multiple computers may find it appealing. The company offers more information and various price plans at www .zaep.com.
Finding the message-filtering solution that fits your needs may take some time and patience, but a mailbox free of spam, scams and shams can make life a little bit easier.
March 25, 2004 at 07:52 PM in Spam | Permalink | TrackBack (28) | Top of page | Blog Home
March 21, 2004
AOL Says It Sees Sharp Decline in 'Spam' E-Mail
Yahoo! News - AOL Says It Sees Sharp Decline in 'Spam' E-Mail
Fri Mar 19, 1:23 PM ETAdd Technology - Reuters Internet Report to My Yahoo!
By Andy Sullivan
WASHINGTON (Reuters) - America Online, the nation's largest Internet provider, said on Friday it has seen a dramatic decline in the amount of "spam" e-mail entering its network over the past month.
Other surveys have shown that the amount of spam has not declined since a national anti-spam law took effect on Jan. 1. But AOL spokesman Nicholas Graham said the company had seen a 27 percent decline since Feb. 20.
Spammers attempted to send 2.6 billion messages to AOL members on Feb. 20. That figure declined steadily and reached 1.9 billion on March 17, Graham said.
Over the same period, AOL saw its daily number of complaints from members about spam messages not caught by the service's filters drop by nearly half, to 6.8 million from 12.7 million. Graham attributed the decline to improved filtering techniques and fear of litigation under the new law.
"We hope spammers are thinking twice before hitting the send button," Graham said.
On March 9, AOL and several other large Internet providers sued hundreds of e-mail marketers in the first test of the new law.
But U.S. Internet users said in a survey released on Wednesday by the Pew Internet and American Life Project that spam was more irritating than ever.
Get-rich-quick schemes, miracle cures and other unsolicited bulk messages accounted for 62 percent of all e-mail in February, according to filtering company Brightmail Inc.
Twenty-nine percent of those surveyed said they had reduced their use of e-mail because of spam, up from 25 percent who said so last June.
AOL is a unit of Time Warner Inc. (NYSE:TWX - news).
March 21, 2004 at 11:20 PM in Spam | Permalink | TrackBack (17) | Top of page | Blog Home
Enticing Attachments Spell Trouble
Enticing Attachments Spell Trouble (TechNews.com)
By Mike Musgrove
Washington Post Staff Writer
Sunday, March 21, 2004; Page F07
Surely most people have gotten the news by now. E-mail attachments can be bad stuff. Click on the wrong file and you could be installing a bug that crashes your system, makes your financial information available to some guy in Russia or commandeers your computer for an attack on some company's Web site.
Still, people sometimes have a hard time resisting the urge to click when that strange or unexpected file-bearing e-mail arrives -- even the folks who should know better.
"As a computer professional, I know that the attachment is likely a virus, yet my curiosity wants to look inside and see what makes it tick," Ira Bland, a programmer in Ashburn, wrote in an e-mail. "It takes considerable effort to put on my logical hat and just delete the thing."
He's not alone, apparently. David Perry, global director of education at Trend Micro Inc., often gives talks at local computer user groups, which are mostly populated by tech-savvy types. Whenever he gets to the part of his standard presentation where the bad software shows up attached to an e-mail in his inbox, "people in the audience shout, 'Click on it! Click on the virus, we want to see what happens!' " he said.
For anyone still wondering whether there is such a thing as an entirely safe or trustworthy file type, the answer seems to be a simple no. A year ago, for example, security experts generally thought zip files were safe, but recent attacks using the format have turned even this once-trusted format into a rising security risk.
What's more, file types have become somewhat irrelevant as hackers have gotten better at disguising dangerous ".exe" or executable files in Windows as file types that are perceived to be less risky, such as text or Word documents.
In its default mode, for example, Windows XP presents files with the name "readme.txt.exe" as "readme.txt" -- hiding the ".exe." and making even a reasonably alert computer user think the file is a probably-harmless text file.
To protect from getting duped by such disguised executable files, some computer security experts recommend Windows XP users turn off a "hide extensions" option that is turned on by default in the operating system. To do so, click the "My Computer" button in Windows XP, choose "Tools" then "Folder Options." Choose the "View" tab and uncheck the option marked "Hide extensions for known file types."
Though Microsoft is a frequent target of criticism for the security practices in its products, computer experts generally caution that there's no way to make the computing world 100 percent safe. Computer security firms can put up more roadblocks and safeguards, but sometimes users get fooled in new ways.
These days, computer users have to learn to ignore a growing range of e-mail trickery, from e-mails that look as if they were sent by somebody familiar to e-mails that convincingly disguise themselves as bounced e-mail. As a result, computer security experts flatly counsel against clicking on any attachment that a user wasn't already expecting.
As for the unexpected e-mail attachment that appears to come from a friendly source, Alfred Huger, senior director of engineering with computer security firm Symantec Corp., said that recipients should verify that the file is legit by e-mailing or calling the sender before clicking on it.
But the most successful cons or hacks tend to play off a sense that someone will lose something if they don't click or respond, said ex-hacker Kevin Mitnick, author of a book on the subject, "The Art of Deception: Controlling the Human Element of Security."
He says people just aren't wired to ignore such e-mails, even when they know they probably should.
Mitnick uses telemarketers as an example. "People do not want them to call during dinner . . . yet the average American feels uncomfortable hanging up," he said.
TechNews.com Home
2004 The Washington Post Company
March 21, 2004 at 12:38 AM in Spam | Permalink | TrackBack (18) | Top of page | Blog Home
March 10, 2004
Top E-Mail Providers Sue Spammers Under New Law
Yahoo! News - Top E-Mail Providers Sue Spammers Under New Law
By Andy Sullivan
WASHINGTON (Reuters) - Four of the nation's largest e-mail providers said on Wednesday they had sued hundreds of online marketers under a new federal law that outlaws the worst kinds of "spam" e-mail.
The lawsuits -- filed by EarthLink Inc. (NasdaqNM:ELNK - news), Microsoft Corp. (NasdaqNM:MSFT - news), Yahoo Inc. (NasdaqNM:YHOO - news) and Time Warner Inc. (NYSE:TWX - news) unit America Online -- mark the first time the law has been tested since it took effect in January.
Six suits were filed in federal courts in California, Georgia, Virginia and Washington state. They claim the defendants obscured their identities and used other deceptive tactics to send out hundreds of millions of pitches for get-rich-quick schemes, pornography and other types of spam.
Company officials said the CAN-SPAM Act, passed last year, makes their fight easier by imposing national standards and increasing penalties to force spammers out of business.
"The lawsuits we file now have some added punch they didn't have before," AOL General Counsel Randall Boe told reporters at a news conference.
Spam accounted for 62 percent of all e-mail in February 2004, up from 50 percent six months earlier, according to anti-spam company Brightmail Inc. Internet providers say the unwanted traffic drives up bandwidth costs and frustrates customers.
The lawsuits filed Tuesday night invoke a wide array of federal and state laws, from trespass to trademark and organized crime statutes. But much of the behavior in question is specifically outlawed by CAN-SPAM.
Defendants falsified return addresses, routed their messages through other computers to cover their tracks, and used misleading subject lines like "important message from AOL," the lawsuits charged.
One group of defendants in Canada sent nearly 100 million messages to Yahoo customers in January alone and resold the e-mail addresses of those who asked to be taken off their mailing list, according to one lawsuit.
Eric Head, Matthew Head and Barry Head of Kitchener, Ontario, also tried to circumvent spam filters by including random, invisible text in each message, the lawsuit alleged.
The defendants could not be reached for comment.
"It's a myth that somehow you can evade the jurisdiction of the U.S. courts by putting a computer offshore," said Microsoft Deputy General Counsel Nancy Anderson. "Most of the individuals involved in spam reside in the United States."
The civil suits filed by the e-mail providers seek unspecified amounts of damages and penalties. Violators could also face jail time under the new law, though government prosecutors have filed no criminal charges yet.
"Every major case we've filed, we've definitely had law-enforcement interest and generally followed up, so I expect something will come out of this as well," said EarthLink Chief Privacy Officer Les Seagraves.
The Federal Trade Commission has several spam cases in the works, a spokeswoman said.
An FBI spokesman did not return a call seeking comment.
One privacy activist noted that Internet providers had ensured that the new law would prevent individual lawsuits, so their own marketing efforts wouldn't get them in hot water.
"Microsoft, AOL and Yahoo all send out vast quantities of e-mail, and they don't want to get sued," said Jason Catlett, president of the Junkbusters Corp. consulting firm. "There could have been thousands of litigants against spammers, not four."
March 10, 2004 at 06:34 PM in Spam | Permalink | TrackBack (20) | Top of page | Blog Home